Manuals / Enterasys Networks / Computer Equipment / Network Card

Enterasys Networks 2E253, 2H253, 2H252, 2H258 manual Solving the Problem, Switches 1

Models: 2H258 2E253 2H252 2H253

1 390

Download 390 pages 24.92 Kb

Page 364

Example 3, Filtering Traffic According to a Layer 4 Classification Rule

12.14EXAMPLE 3, FILTERING TRAFFIC ACCORDING TO A LAYER 4 CLASSIFICATION RULE

This example illustrates how to filter out broadcast transmissions at Layer 4 from other parts of a network.

In this example, illustrated in Figure 12-16, Switches S1 and S2 have already been configured and are operating. However, it was discovered that the Routing Information Protocol (RIP) broadcast frames from routers R1 and R2 were flooding the subnetwork of Switches S1 and S2.

Figure 12-16 Example 3, Filtering Traffic According to a Classification

R1

Port 25

S1

Users

R2

Port 25

S2

Users 30691_73

12.14.1 Solving the Problem

To prevent the RIP broadcasts from flooding the users terminals connected to S1 and S2, a new VLAN will be added to each switch, but not assigned to any ports (creating a Null VLAN). Then each switch will be configured with a Layer 4 classification rule that will classify each RIP broadcast frame received on Port 25 of each switch to the Null VLAN. Since the Null VLAN is not associated with any ports, the frame will be dropped and not transmitted out any port.

In this example, the switches have already been configured and operating. The following covers only those steps needed to configure each switch to eliminate the problem.

Switches 1 and 2

Each switch is set as follows:

1.A VLAN is added to the list of VLANs in the Static VLAN Configuration screen and assigned to an FDB ID. In this example, the switch is set as follows:

• VLAN ID 99, FDB ID 99, with a VLAN Name of Null VLAN

12-32VLAN Operation and Network Applications

Image 364

Enterasys Networks 2E253, 2H253, 2H252, 2H258 manual Solving the Problem, Switches 1

Contents

SmartSwitch 2200 Series Page Page Enterasys NETWORKS, INC Program License Agreement Page Page Contents Device Configuration Menu Screens Port Configuration Menu Screens Configuration Menu Screens Layer 3 Extensions Menu Screens Network Tools Screens Generic Attribute Registration Protocol Garp Figures Xiii Xiv Tables Xvi Tables Using this Guide About This GuideStructure of this Guide Xix Related Documents Document ConventionsTypographical and Keystroke Conventions Bold typePage Introduction OverviewManagement Agent Navigating Local Management Screens In-Band vs. Out-of-BandLocal Management Requirements Local Management Screen Elements None DefinedEvent Message Field Display FieldsInput Fields Selection FieldsCommand Fields Local Management Keyboard ConventionsGetting Help Your email addressPage Management Terminal Setup Local Management Requirements2H252-25R SmartSwitch device is shown in -1as an example Console Cable ConnectionManagement Terminal Setup Parameters VT100IDMonitoring AN Uninterruptible Power Supply Telnet ConnectionsDB9 Port RJ45 COM Port Page Accessing Local Management 802.1Q Switching Mode, LM Screen Hierarchy Using the Exit Command Using the Return CommandSelecting Local Management Menu Screen Items Exiting Local Management ScreensUsing the Next and Previous Commands Using the Clear Counters CommandPassword Screen When to UseHow to Access Screen ExampleEnter Device Menu Screen Screen Navigation PathConfiguration Menu DescriptionsDevice MenuTools NetworkSecurity Cont’d SectionOverview of Security Methods Host Access Control Authentication Haca Overview of Security Methods 14Accessing Local Management 2 802.1X Port Based Network Access Control Definitions of Terms and Abbreviations2.2 802.1X Security Overview MAC Authentication Overview Authentication Method SelectionAuthentication Method Sequence Concurrent Operation of 802.1X and MACAuthentication MAC 20Accessing Local Management MAC Authentication Control Security Menu Screen Refer to -4for a functional description of each menu item Passwords Name ServicesAuthentication RadiusPasswords Screen Module Login Passwords ScreenSwitch Field DescriptionsSetting the Module Login Password Radius Configuration ScreenTimeout RetriesLast Resort Action/Local Selectable Last Resort Action/Remote ToggleRadius Client IP AddressSetting the Last Resort Authentication Setting the Local and Remote ServersName Services Configuration Screen Name Services Configuration ScreenSwitch Name Modifiable Name ServicesWeb Authentication Secure Harbour IPSystem Authentication Configuration Screen System Authentication Configuration ScreenAuthentication Authenticated , or UnauthenticatedSystem Port #EAP Port Configuration Screen EAP Port Configuration ScreenPort Authentication State Backend StatePort Control Force Reauth Initialize PortMaximum Requests EAP Statistics Menu Screen 10 EAP Statistics Menu ScreenEAP Diagnostic AuthenticatorEAP Session EAP Session Statistics Screen When to Use 11 EAP Session Statistics ScreenAuthenticate Server or a local Authentication Server Method SessionIDSessionOctetsRx SessionOctetsTxEAP Authenticator Statistics Screen When to Use Clear Counters CommandSession User Name Port Number12 EAP Authenticator Statistics Screen Clear Counters EAP Diagnostic Statistics Screen When to Use 13 EAP Diagnostic Statistics ScreenEnters Connecting Logoffs ConnectingAuthenticating TimeoutsAuthenticated Access ChallengesBackend Statistics Responses Other Requests ToClear MAC Port Configuration ScreenCounters Port Enable 14 MAC Port Configuration ScreenMAC Supplicant Configuration Screen SET ALL PortsDuration MAC AddressReauthenticate Sup Initialize SupplicantPlicant FalseDevice Configuration Menu Screens Device Configuration Menu Screen General ConfigurationGeneral SnmpResources InformationGeneral Configuration Screen 0.0Default Gateway Subnet MaskTftp Gateway IP AddrOperational Mode Device TimeScreen Refresh TimeAgg Mode Clear NvramIP Fragmentation WebViewSetting the IP Address Configuration Warning Screen, IP AddressSetting the Subnet Mask Configuration Warning Screen, Subnet MaskSetting the Default Gateway Setting the Tftp Gateway IP AddressSetting the Module Name Setting the Device DateSetting the Screen Lockout Time Setting the Device TimeEntering a New Screen Refresh Time Configuring the COM Port Changing the COM Port Application COM Port WarningClearing Nvram UPSEnabling/Disabling IP Fragmentation Clear Nvram WarningSnmp Configuration Menu Screen Snmp Configuration Menu ScreenSnmp Community Names Configuration Screen Snmp Community Names Configuration Screen Establishing Community Names Snmp Traps Configuration Screen Snmp Traps Configuration ScreenConfiguring the Trap Table Enable TrapsTrap Destination Trap CommunityAccess Control List Screen 10 Access Control List ScreenAccess Control Lists IP AddrEntering Single Addresses Entering IP AddressesMask Entering Ranges of Addresses Enable/Disable ACL System Resources Information Screen XX KBSetting the Reset Peak Switch Utilization Flash Download Configuration Screen 12 Flash Download Configuration Screen Flash Download Configuration Screen Field Descriptions Reboot After DownloadDownload Server IP Download FileImage File Download Using Runtime Configuration File Download Using TftpConfiguration File Upload Using Tftp 36Device Configuration Menu Screens Port Configuration Menu Screens Port Configuration Menu Screen Port Configuration Menu Screen in Agg Mode, HuntgroupEthernet InterfaceHSIM/VHSIM RedirectEthernet Interface Configuration Screen Intf Port TypeConfig LinkSpeed DuplexEthernet Port Configuration Screen HDX FCRefer to -3for a functional description of each screen field Default Speed Default DuplexInterface Physical Port10Port Configuration Menu Screens Full Duplex Flow ControlHalf Duplex Flow Save to ALLSelecting Field Settings Setting the Advertised AbilityRedirect Configuration Menu Screen HSIM/VHSIM Configuration ScreenConfiguration Menu Redirect Configuration Menu Screen Port Redirect Configuration Screen Source Port Destination PortRedirect Errors Frame FormatSource Port n StatusChanging Source and Destination Ports Vlan Redirect Configuration Screen Vlan Redirect Configuration Screen Source Vlan Source Vlan nChanging Source Vlan and Destination Ports Usage Notes Aggregation MenuRapid Reconfiguration Spanning Tree Definitions to KnowLink Aggregation 802.3ad Main Menu Screen 1 802.3ad Port Screen When to Use Aggregator802.3ad Port Screen Viewing and Editing 802.3ad Port Parameters AggregatorOperKey MUX1.1 802.3ad Port Details Screen When to Use 10 802.3ad Port Details ScreenActorSystemPriority Port InstancePartnerAdminSysID ActorOperState PartnerOperState Lagid Displaying Port StatisticsStats 1.2 802.3ad Port Statistics Screen When to Use 11 802.3ad Port Statistics ScreenLACPDUsRx IllegalRxMarkerPDUsRx LACPDUsTxLastRxTimedelta ActorChurnStatePartnerChurnState ActorChurnCount2 802.3ad Aggregator Screen When to Use 12 802.3ad Aggregator ScreenViewing and Editing 802.3ad Aggregator Parameters Displaying Aggregator DetailsAggInst SysPri2.1 802.3ad Aggregator Details Screen When to Use 13 802.3ad Aggregator Details ScreenInstance Partner3 802.3ad System Screen When to Use 14 802.3ad System ScreenBroadcast Suppression Configuration Screen System IdentifierNumber of Ports NumberPort # Total RXSetting the Threshold Setting the Reset PeakConfiguration Menu Screens 802.1 Configuration Menu Screen 802.1 Configuration Menu Screen802.1Q Vlan Spanning Tree802.1p Spanning Tree Configuration Menu Screen Tree Configuration MenuSpanning Tree Configuration Screen Vlan AgeTimeCurrent STP Mode ConfiguredPriority OperationConfiguring a Vlan Spanning Tree Spanning Tree Port Configuration Screen Spanning Tree Port Configuration ScreenAge Time Switch AddressSTP Vlan ID Pvst Port Configuration Screen Enabling/Disabling the Default Spanning Tree PortsViewing Status of Spanning Tree Ports Port Designated Root CorrespondingPort Designated Port Priority Port Designated CostPort State Port Designated PortPage 802.1Q Vlan Configuration Menu Screens Vlan Configuration MenuPreparing for Vlan Configuration Summary of Vlan Local Management802.1Q Vlan Configuration Menu Screen 802.1Q Vlan Configuration Menu Screen Current Vlan Static VlanVlan Port Static Vlan Configuration Screen ClassificationVlan ID FDB IDCreating a Static Vlan Vlan NameADD DEL MarkedDisplaying the Current Static Vlan Port Egress List Renaming a Static VlanDeleting a Static Vlan Paging Through the Vlan ListStatic Vlan Egress Configuration Screen Static Vlan Egress Configuration ScreenEgress Setting the Egress Type on One or More Ports Individually Setting Egress Types on PortsSetting the Same Egress Type on All Ports Simultaneously Current Vlan Configuration Screen Displaying the Next Group of PortsVlan Type Read-Only An example of a dynamic Vlan is a Gvrp VlanCurrent Vlan Egress Configuration Screen Current Vlan Egress Configuration ScreenVlan Port Configuration Screen Policy Pvid Override isPvid Changing the Port Mode Configuring the Vlan PortsVlan Classification Configuration Screen Admit Tagged Frames onlyVID VIDClassification DescriptionDEL ALL/DEL Marked0x0000 000.000.000.000 0000x00000000 Tftp Http DNS Smtp Src TCP Port FTP Data Nlsp IPX WAN Custom 00-00-00-00-00-00Classification Precedence Rules Layer Classification Precedence Example Displaying the Current Classification Rule AssignmentsAssigning a Classification to a VID Protocol Port Configuration Screen Deleting Line ItemsDeleting All Classification Rules Deleting One or More Classification RulesProtocol Port Configuration Screen Field Classification RuleClassify Assigning Ports to a VID/Classification Assigning One or More Ports IndividuallyAssigning All Ports Simultaneously SET Ports toAssigning VID/Classification to Port Vlan Lists 802.1p Configuration Menu Screen Navigation Paths802.1p Configuration Menu Screen When to Use Port Priority ConfigurationPort Priority Traffic ClassTransmit QueuesPort Priority Configuration Screen Port Priority Configuration Screen Policy Override Setting Switch Port Priority Port-by-PortSet Setting Switch Port Priority on All Ports Traffic Class Information ScreenTraffic Class Information Screen Traffic Class Information Screen Field Descriptions Traffic Class Configuration Screen Traffic Class Configuration ScreenTraffic Class Assigning the Traffic Class to Port PrioritySave Transmit Queues Configuration Screen Transmit Queues Configuration Screen Weights Q0, Q1 Current QueueingMode Q2, Q3Setting the Current Queueing Mode Priority Classification Configuration Screen PID PID18802.1p Configuration Menu Screens No Change TOS=PID Custom TCP No Change TOS=PID Custom Dest IP Address Mask New IP TOS Tftp Src TCP Port New IP TOS FTP Data IP Fragments New IP TOS IP Fragments2 Start End New IP TOS 00000 Dest TCP Port Start End New IP TOS 00000 SAP 28802.1p Configuration Menu Screens Layer About the IP TOS Rewrite FunctionDisplaying the Current PID/Classification Assignments Assigning a Classification to a PIDDeleting All Line Items Deleting PID/Classification/Description Line ItemsDeleting One or More Line Items Protocol Port Configuration Screen See which ports are set to the PID/Classification indicated Assigning Ports to a PID/Classification Solving the Problem Switch Rate Limiting Configuration Screen Priority List MaximumFeature Port Number Modifiable Port TypeDirection Configuring a Port 42802.1p Configuration Menu Screens Changing/Deleting Port Line Items Changing One or More Line ItemsMore About Rate Limiting Rate Limiting Configuration Screen Page Layer 3 Extensions Menu Screens Layer 3 Extensions Menu ScreenIGMP/VLAN Layer 3 Extensions Menu ScreenIGMP/VLAN Configuration Screen Igmp Version 120Query Interval Query ResponseRobustness Last Member QuerySwitch Query IP McastMartPoolSizeQuerier Address Querier UptimeIGMP/VLAN Configuration Procedure Igmp StatePage Device Statistics Menu Screens Device Statistics Menu ScreenLists the number of frames received, transmitted, filtered, Switch Statistics Screen RmonFrames Txmtd Frames RcvdFrames Fltrd Interface Statistics Screen Frames FrwdedInOctets Interface Statistics ScreenInErrors OutErrorsInUnicast InNonUnicastDisplaying Interface Statistics MTURmon Statistics Screen Rmon Statistics ScreenCRC Align Errors Rmon IndexData Source OwnerOversized Pkts FragmentsJabbers Total Packets1024 1518 Octets Displaying Rmon StatisticsIndex nn Network Tools Screens Screen ExampleNetwork Tools Help Screen Refer to -1for a list of the commands Command AliasExamples Alias StatsArp Arp-aSyntax Bridge ENABLE/DISABLE IFNUM/ALL Options ArplearnBridge Syntax Arplearn normal limited status OptionsCdp Syntax Cdp enable/disable/status OptionsDefroute Syntax dynamicegress action vid Options action DynamicegressVid Syntax Enable Group Disable Group Trap #ALL Commands for Listing Events Syntax igmpv3drop enable disable status GigabitportmodeIgmpv3drop Syntax gigabitportmode active redundant statusLgframeadmin Syntax linktrap enable/disable/status PORT/all Syntax loopbackdetect enable disable stateLinktrap LoopbackdetectMaclock Syntax maclock show port# allSyntax Maclock set enable port# all global Maclock set disable port# all globalMaclock set macaddress port# all create enable disable Maclock set trap port# all enable disableMaclock show Stations Maclock set enable global NetstatNonbridgeifnum Syntax nonbridgeifnum 0 9999 statusPassiveStp PingPolicy Syntax policy show profile profileindexPolicy show port portnumberorrangeorall Policy set port portnumberorrangeorall profileindexExamples Contiued Policy show portRadius 11-24Network Tools Screens Character string for the shared secret code. For security Radius clientRatelimitmode Syntax ratelimitmode status highrange default lowrangeExamples Cont’d Reset Syntax reset Options None Example -resetShow SatsizeSyntax Satsize 8 16 status Options Show Appletalk interfaces Softreset Syntax softreset Options NoneStpEdgePort Syntax stpEdgePort statusStpForceVersion Syntax StpForceVersion 0 2 status OptionsSyntax stpLegacyPathCost enable disable status StpLegacyPathCostRecommended ValueStpPointToPointMAC StpPort Syntax stpRealTimeMsgAge enable disable statusStpRealTimeMsgAge Syntax Suppresstopologytraps enable disable Options SuppresstopologytrapsTelnet Syntax Telnet IP address Port # OptionsTimedsoftreset TimedresetSyntax timedsoftreset status t seconds resetnv dontresetnv Syntax timedreset status t seconds resetnv dontresetnvTraceroute Syntax Traceroute IP address OptionsVrrpPort EXAMPLE, Effects of Aging Time on Dynamic Egress Done, quit, exit Options None Example -doneVlan Operation and Network Applications Defining VLANs Example of a Vlan12.2.1 802.1Q VLANs Types of VLANsOther Vlan Strategies Vlan Terms Benefits and RestrictionsIngress Default Vlan Filtering DatabaseIdentifier FDB ID Tagged FrameQcstp Garp Garp VlanGvrp GmrpConfiguration Process Vlan OperationVlan Switch Operation Defining a VlanClassifying Frames to a Vlan Customizing the Vlan Forwarding ListFID Receiving Frames from Vlan Ports Untagged FramesTagged Frames Forwarding DecisionsManaging the Switch Vlan ConfigurationKnown Unicasts Switch Without VLANs Switch with VLANsSwitch Management with VLANs 12-14VLAN Operation and Network Applications 3069162 Quick Vlan Walkthrough Assigning a Vlan ID and Vlan NameWalkthrough Stage One, Static Vlan Configuration Screen Assigning Ports to the Vlan Egress listWalkthrough Stage Two, Port 3 Egress Setting Configuring the Port Parameters Walkthrough Stage Three, Port 10 Egress SettingWalkthrough Stage Four, Vlan Port Configuration Example 1, Single Switch Operation ExamplesFor the Red Vlan 11 Switch Configured for VLANs Frame HandlingExample 2, VLANs Across Multiple Switches Redco Blue Industries 12-26VLAN Operation and Network Applications Switch 12-28VLAN Operation and Network Applications Redco Blue Industries User a Blue Industries Redco 15 Transmitting to Bridge Switches 1 Finance Department Example 5, Using Dynamic Egress to Control Traffic PCs 00.00.00.00.00.0A Switch SET ALL Ports no Vlan Operation and Network Applications Page Generic Attribute Registration Protocol Garp HOW IT Works About Igmp Supported Features and Functions Detecting Multicast Routers Page Index NumericsIndex-2 Index-3 Index-4 Index-5 Index-6 Index-7 Index-8 Index-9 Index-10 Index-11